Time to Start Encrypting Your Stuff?

Category: Hard-Drives , Privacy

Fear of hackers and government snoops drives many people to encrypt their data. There are lots of tools you can use to encrypt data, and many of them are free (for personal use, at least). Here are some of the most popular encryption tools...

Free Encryption Tools

I've said for years that sending email is about as secure as sending a postcard through the mail. And now, with more mobile devices, software flaws, hackers, viruses and overzealous government agencies to deal with, it seems the files on your hard drive are about as secure as the books in a public library. The answer in both cases is encryption.

I recently published an article titled Are You Encrypting Your Email?, which covered tools you can use to scramble your email messages. Today, I'll introduce you to several free tools you can use to encrypt files, folders or entire hard drives.

Microsoft’s BitLocker is built into certain versions of Windows 7 and 8. Specifically, it’s in the Ultimate and Enterprise versions of Windows 7 and the Pro or Enterprise versions of Windows 8 or 8.1. It uses strong AES encryption with either a 128 or 256 bit key (password) to provide formidable protection. (If you don't have a qualifying version of Windows, or you don't trust Microsoft, or you use Mac or Linux, skip down to "More Free Ecnryption Tools" below.)
Encrypt Your Hard Drive

BitLocker is a “full disk” encryption tool; it encrypts nearly an entire drive or volume bit by bit. (Some files essential to boot-up, such as the Master Boot Record, must be left unencrypted.) BitLocker has its own user authentication scheme apart from the Windows logon credentials; it uses either a “startup key” or a PIN. If the computer’s hardware includes a Trusted Platform Module (TPM), the startup key is stored there and authentication occurs automatically at boot-up. Older computers lacking a TPM require the user to store the startup key on a USB drive or create a PIN; one or the other will be required each time you boot the computer.

If the boot drive is encrypted, BitLocker can detect changes to the BIOS that indicate the drive has been moved (or possibly stolen) to a new machine and lock the drive until a BitLocker recovery password is entered. The recovery password is generated and displayed before the drive is encrypted; remember to write it down and store it safely, far away from the encrypted computer.

The advantage of full disk encryption is that it requires very little from the user; all you have to do is turn on BitLocker and specify which hard drive partition(s) you want encrypted. Once enabled, BitLocker keeps data secure without relying on notoriously unreliable users to do anything. But secure from who?

BitLocker and other full disk encryption tools are best at protecting data when a computer or its drive(s) are physically stolen, or when an unauthorized user tries to access an encrypted drive. One downside to full disk encryption is that anyone with administrator privileges can still access everything on an encrypted drive. Other ordinary users of the drive will be able to access programs that you specified should be available to “all users” when you installed them, and data files stored in folders accessible to “all users.” If a hacker steals a user’s or administrator’s login credentials, he would have the same privileges. If a malware program installs itself with administrator privileges, as some do, then BitLocker won’t stop it from stealing your sensitive data.

More Free Encryption Tools

An alternative to full disk encryption is “on the fly” file-level encryption or OTFE. This technique creates an encrypted “container” file on an unencrypted drive. The container file appears as a virtual drive letter to the user and is used just as if it was a real drive. Files saved to the container are encrypted automatically, and decrypted when they are accessed. A password is required to access an encrypted container.

This method enables the co-existence of encrypted and unencrypted data on the same drive, which may be useful to some users. It also protects one user’s encrypted data against all other users of the drive, even administrators; if you don’t have the container’s password, you can’t access the data no matter what your user privileges are.

VeraCrypt is a popular open-source, cross-platform OTFE encryption tool. Versions are available for Windows, Linux, and Mac OS X. (Until recently, the gold standard for open-source encryption tools was TrueCrypt. However, this tool is no longer supported and should not be used.)

Encryption on Your Mac

Apple FileVault 2.0 is another full disk encryption tool, designed for OS X Lion or later machines. It uses XTS-AES 128-bit encryption and requires installation of the OS X Recovery feature on the encrypted Mac. You will find FileVault in the Security & Privacy pane of System Preferences. Click the FileVault tab in the Security & Privacy pane to enable or disable FileVault.

When FileVault is enabled it asks you to specify which user accounts on the Mac are allowed to unlock the encrypted drive. Other users will not be able to log on to the machine without the aid of an authorized user. But once a drive is unlocked, it remains available to all users until the Mac is rebooted.

FileVault 2.0 also generates a recovery key when it’s enabled; helpfully, it gives you the option to store a copy of the key with Apple in case you lose yours. Three user-created challenge questions are used to authenticate requests for recovery keys stored by Apple. (Hopefully, the Men in Dark Glasses have to answer those questions as well.)

Mobile and Cloud Encryption

BoxCryptor is an “on the fly” encryption utility for Windows that uses the AES-256 and RSA encryption algorithms to encrypt individual files and store them in a designated folder. That folder can be on your local hard drive or a virtual drive in the cloud; the list of supported cloud storage providers is rather lengthy. BoxCryptor apps are available for Windows, Mac, Linux, Android, and iOS. It’s free for personal use.

Cloud storage encryption is a relatively new category. Increasingly, sensitive data is being stored in cloud services such as Dropbox, Google Drive, etc. While the data centers of these services are much better protected than most home hard drives against malware, hackers, burglars, or disasters, they are quite vulnerable to government intrusion via search warrants and National Security Letters. If you store data in the cloud, you may want to encrypt it first on your local computer, before sending it off to cloud storage.

Encryption is catching on as a standard feature among hardware makers and service providers. The latest versions of iOS and Android encrypt all user data by default. Google is using the HTTPS protocol to encrypt all connections to its services, and “encourages” all Web sites to use HTTPS or see their search rankings and traffic drop. It might seem unnecessary to encrypt your own data, as the suppliers of tech increasingly do it for you.

That would be a mistake, I think. Law enforcement hates encryption, and its leaders are pushing hard for laws that force manufacturers and service providers to leave openings in their encryption schemes for government snoops – legitimate, lawful snoops, of course. But if a hole exists in a security scheme, you can bet that someone will find a way to use it unlawfully.

Laptop and removable drives are most vulnerable to theft, and therefore are prime candidates for encryption. USB thumb drives are particularly prone to loss, and can be encrypted just like any other drive. Desktops in homes are probably least in need of encryption protection. But of course, only you know what data is stored on your home computer and what might happen if it gets into the wrong hands.

What's your opinion of encryption? Are you using it? Thinking about it? Your thoughts on this topic are welcome. Post your comment or question below...

 
Ask Your Computer or Internet Question

  (Enter your question in the box above.)

It's Guaranteed to Make You Smarter...

AskBob Updates: Boost your Internet IQ & solve computer problems.
Get your FREE Subscription!


Email:

Check out other articles in this category:



Link to this article from your site or blog. Just copy and paste from this box:

This article was posted by on 2 Feb 2015


For Fun: Buy Bob a Snickers.

Prev Article:
Are You Encrypting Your Email?

The Top Twenty
Next Article:
Forward Emails to Your Phone

Most recent comments on "Time to Start Encrypting Your Stuff?"

Posted by:

Jack
02 Feb 2015

One concern I have is that sending encrypted material via the internet may serve as a red flag and get the sender put on a government watch list. Is my concern real? Being on a watch list may not be a big deal to many, but could there be more serious problems down line? //jack


Posted by:

diane
02 Feb 2015

This soooo appropriate right now, best article on the subject. Tx


Posted by:

Daniel
02 Feb 2015

I'm becoming a fan of Axcrypt since it will allow encryption of files that can then be attached to emails. Also encrypts folders on the fly with AES 256. Also 7-zip will zip a file and you can change the option to add 256 bit encryption.


Posted by:

IanG
02 Feb 2015

Excellent (as usual) article, Bob - thanks.

I have recently become interested in encrypting some of my stuff and did some research. For USB sticks I find the already-installed hardware encryption type the most portable (I'm using the Kingston DTL G3). They're not much more expensive than the non-encrypted variety either.

For folders and files on my computer, I'm using TrueCrypt which has performed very well.


Posted by:

Ron
02 Feb 2015

Since I was in 1st grade, I've found encryption fascinating. I loved PigPen, Caesar Cipher, PlayFaire, before finding the ultimate (I thought at the time when I was 12) in the Vigenère cipher.

I've played with PGP back in the days of DOS, PGPi, PGPdisk, BestCrypt, and finally TrueCrypt.

If you're using DropBox, SkyDrive/OneDrive, Google Drive, etc, and you don't want to have to create an account on a website to use BoxCryptor, consider using CryptSync http://stefanstools.sourceforge.net/CryptSync.html

From it's website: "CryptSync is a small utility that synchronizes two folders while encrypting the contents in one folder. That means one of the two folders has all files unencrypted (the files you work with) and the other folder has all the files encrypted.

The synchronization works both ways: a change in one folder gets synchronized to the other folder. If a file is added or modified in the unencrypted folder, it gets encrypted. If a file is added or modified in the encrypted folder, it gets decrypted to the other folder."


Posted by:

Greg Chamberlin
02 Feb 2015

For file encryption, particularly if you are using Chrome browser, check out Minilock.io. Encryption done in the browser. Will also work if your are offline.


Posted by:

Frank
02 Feb 2015

There's also AxCrypt, DiskCryptor, AES Crypt, Kruptos, Jetico BestCrypt, and CloudFogger.


Posted by:

oldgeek
02 Feb 2015

I certainly do not trust Microsoft. They have been in bed with government for years.


Posted by:

Darin
02 Feb 2015

What I want to do is encrypt and password protect either a specific folder and subfolders, or the whole drive so that every time I want to access it or if somebody is snooping on my computer wants to look at it you have to enter the password to access it.. is there a program like that out there?


Posted by:

RandiO
03 Feb 2015

I am wondering how far Bob Rankin goes in practicing what he is preaching in his excellent article... :)

EDITOR'S NOTE: I do use encryption, but not for everything. For backups, always. When traveling, always. Other things, as needed. And that's pretty much what I preach. :-)


Posted by:

Kathleen
03 Feb 2015

Great Article. I have encryption and feel it helps keep my computer information safe, especially since I travel a lot.


Posted by:

Sandy Lumsden
03 Feb 2015

sorry but some of the instructions on some of the programs are so difficult to follow. personally I think that everything on a smaller size to a desktop should be encrypted.


Posted by:

SamG
03 Feb 2015

How long before malware includes programming that changes your encryption password? If they already take over your computer as administrator. In the past I encrypted a computer hard drive then the computer died. Removed the hard drive and spent months changing administrator file and folder privileges. After forgetting the password. Some of it involved using a Linux live disc. A real pain when this home user didn't understand privileges. It's still mysterious. And I'd rather not bother encrypting.


Posted by:

Kjay
05 Feb 2015

Hi, I have been using Cyphertite https://www.cyphertite.com/
Cloud storage, Open source,data encrypted on your computer, then encrypted again for sending to their servers. 8G free or paid data packs. Very easy to use.
Have you heard of this one Bob or recommend it?


Post your Comments, Questions or Suggestions

*     *     (* = Required field)

    (Your email address will not be published)
(you may use HTML tags for style)

YES... spelling, punctuation, grammar and proper use of UPPER/lower case are important! And please limit your remarks to 3-4 paragraphs. If you want to see your comment posted, pay attention to these items.

All comments are previewed, and may be edited before posting.

NOTE: Please, post comments on this article ONLY.
If you want to ask a question click here.

Free Tech Support -- Ask Bob Rankin
RSS   Add to My Yahoo!   Feedburner Feed
Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005 - Bob Rankin - All Rights Reserved
Privacy Policy -- See my profile on Google.


Article information: AskBobRankin -- Time to Start Encrypting Your Stuff? (Posted: 2 Feb 2015)
Source: http://askbobrankin.com/time_to_start_encrypting_your_stuff.html
Copyright © 2005 - Bob Rankin - All Rights Reserved